Compare Vulnerability Assessment And Vulnerability Assessment
Comparison of Vulnerability Assessments and Penetration Testing
Abstract: Internet has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. However, it has also brought new levels of security concerns and Cyber threats. It exposes valuable corporate information, mission critical business applications and consumer's private information to more risk than before. But security of IT infrastructure is something that Organizations cannot afford to compromise. Vulnerability Assessment and Penetration Testing (VAPT) helps to assess the effectiveness or ineffectiveness of the security infrastructure installed by the Organizations to remain protected from the emerging Cyber threats. …show more content…
The results of the scans should be compared against baseline scans so that any changes (such as new open ports or added services) will be investigated. Vulnerability scanning should be conducted on existing systems and particularly as new technology equipment is deployed; the new equipment should be scanned immediately and then added to the regular schedule of scans for all equipment. A vulnerability scanner serves to provide a “red flag” to alert personnel of a security issue. A vulnerability scan examines the current security in a passive method. It does not attempt to exploit any weaknesses that it finds; rather, it is intended to only report back what it uncovered. The types of weaknesses that it is searching for include identifying any known vulnerabilities, finding common misconfigurations, and uncovering a lack of security controls. Vulnerability scans are usually performed from inside the security perimeter and are not intended to disrupt the normal operations of the network or devices. These scans are conducted using an automated software package that examines the system for known weaknesses by passively testing the security controls. Because the automated software is conducting the test in a systematic fashion, a technician with only limited security experience could conduct the test. The resulting report, however, should be examined by trained security personnel to identify and correct any problems. There are several commercial as well as open source vulnerability scan software products available for large organizations. In addition, free products that provide users with scans of their local systems are popular. However, the free products may not always provide a comprehensive scan of an entire system. Because of the number of patch updates
Abstract: Internet has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. However, it has also brought new levels of security concerns and Cyber threats. It exposes valuable corporate information, mission critical business applications and consumer's private information to more risk than before. But security of IT infrastructure is something that Organizations cannot afford to compromise. Vulnerability Assessment and Penetration Testing (VAPT) helps to assess the effectiveness or ineffectiveness of the security infrastructure installed by the Organizations to remain protected from the emerging Cyber threats. …show more content…
The results of the scans should be compared against baseline scans so that any changes (such as new open ports or added services) will be investigated. Vulnerability scanning should be conducted on existing systems and particularly as new technology equipment is deployed; the new equipment should be scanned immediately and then added to the regular schedule of scans for all equipment. A vulnerability scanner serves to provide a “red flag” to alert personnel of a security issue. A vulnerability scan examines the current security in a passive method. It does not attempt to exploit any weaknesses that it finds; rather, it is intended to only report back what it uncovered. The types of weaknesses that it is searching for include identifying any known vulnerabilities, finding common misconfigurations, and uncovering a lack of security controls. Vulnerability scans are usually performed from inside the security perimeter and are not intended to disrupt the normal operations of the network or devices. These scans are conducted using an automated software package that examines the system for known weaknesses by passively testing the security controls. Because the automated software is conducting the test in a systematic fashion, a technician with only limited security experience could conduct the test. The resulting report, however, should be examined by trained security personnel to identify and correct any problems. There are several commercial as well as open source vulnerability scan software products available for large organizations. In addition, free products that provide users with scans of their local systems are popular. However, the free products may not always provide a comprehensive scan of an entire system. Because of the number of patch updates